jeffersongoncalves/laravel-html-sanitizer

GitHub: jeffersongoncalves/laravel-html-sanitizer

一个 Laravel 包，用于在渲染前清理不受信任的 HTML 内容，剥离恶意脚本和事件处理器以防止 XSS 攻击。

Stars: 1 | Forks: 0

![Laravel HTML Sanitizer](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/9e8a88eb59080114.png)

# Laravel HTML Sanitizer [![Packagist 最新版本](https://img.shields.io/packagist/v/jeffersongoncalves/laravel-html-sanitizer.svg?style=flat-square)](https://packagist.org/packages/jeffersongoncalves/laravel-html-sanitizer) [![GitHub Tests Action 状态](https://img.shields.io/github/actions/workflow/status/jeffersongoncalves/laravel-html-sanitizer/run-tests.yml?branch=master&label=tests&style=flat-square)](https://github.com/jeffersongoncalves/laravel-html-sanitizer/actions?query=workflow%3Arun-tests+branch%3Amaster) [![GitHub Code Style Action 状态](https://img.shields.io/github/actions/workflow/status/jeffersongoncalves/laravel-html-sanitizer/fix-php-code-style-issues.yml?branch=master&label=code%20style&style=flat-square)](https://github.com/jeffersongoncalves/laravel-html-sanitizer/actions?query=workflow%3A"Fix+PHP+code+styling"+branch%3Amaster) [![总下载量](https://img.shields.io/packagist/dt/jeffersongoncalves/laravel-html-sanitizer.svg?style=flat-square)](https://packagist.org/packages/jeffersongoncalves/laravel-html-sanitizer) 这个 Laravel package 为 Symfony HTML Sanitizer 提供了一个简单的封装，用于安全地清理不受信任的 HTML。它会剥离 script、内联 event handler 和 Alpine 属性，同时保留渲染的 Markdown 和 README 所需的展示性子集（标题、列表、表格、代码块、图片、链接）。该 package 易于安装和配置，可与您现有的 Laravel 应用程序无缝集成。 ## 安装说明您可以通过 composer 安装此 package： ``` composer require jeffersongoncalves/laravel-html-sanitizer ``` ## 用法在渲染前，通过 `HtmlSanitizer::clean()` 传递任何不受信任的 HTML： ``` use JeffersonGoncalves\HtmlSanitizer\HtmlSanitizer; $dirty = '

Hello

'; $clean = HtmlSanitizer::clean($dirty); //

Hello

``` 该 sanitizer 会： - 丢弃 `